A bug has been discovered in the 3.1r0 CD/DVD images: new installs from
these images will have a commented-out entry in /etc/apt/sources.list
for "http://security.debian.org/ testing/updates" rather than an active
entry for "http://security.debian.org/ stable/updates", and thus will
not get security updates by default. This was due to incorrect Release
files on the images.
If you have already installed a system using a 3.1r0 CD/DVD image, you
do not need to reinstall. Instead, simply edit /etc/apt/sources.list,
look for any lines mentioning security.debian.org, change "testing" to
"stable", and remove "# " from the start of the line.
If you installed other than from a CD or DVD (for example, netboot, or
booting from floppy and installing the base system from the network),
you are not affected by this bug.
New 3.1r0a images will be available shortly to correct this flaw. In the
meantime, CD vendors should delay pressing CDs or DVDs of Debian 3.1. We
apologise for the inconvenience.
--
Colin Watson [cjwatson@debian.org]
Debian Release Team